Returns permissions that a caller has on the Identity-Aware Proxy protected resource. If the resource does not exist or the caller does not have Identity-Aware Proxy permissions a google.rpc.Code.PERMISSION_DENIED will be returned. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
HTTP request
POST https://iap.googleapis.com/v1beta1/{resource=**}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-17 UTC."],[[["This endpoint tests the permissions a caller has on an Identity-Aware Proxy (IAP) protected resource, returning a `google.rpc.Code.PERMISSION_DENIED` error if the resource doesn't exist or the caller lacks IAP permissions."],["The HTTP request uses the `POST` method with a specific URL format that includes a required `resource` path parameter following [gRPC Transcoding](https://google.aip.dev/127) syntax."],["The request body must include a JSON object containing an array of specific permissions to check for the provided `resource`, and wildcard permissions are not allowed."],["A successful request will return a response body that is an instance of [TestIamPermissionsResponse](/iap/docs/reference/rest/Shared.Types/TestIamPermissionsResponse)."],["Authorization for this endpoint requires the `https://www.googleapis.com/auth/cloud-platform` OAuth scope, as detailed in the [Authentication Overview](https://cloud.google.com/docs/authentication/)."]]],[]]
